License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information in it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier                            # files
---------------------------------------------------|-------
GPL-2.0                                              11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier                            # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note                        930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier                            # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note                       270
GPL-2.0+ WITH Linux-syscall-note                      169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
LGPL-2.1+ WITH Linux-syscall-note                      15
GPL-1.0+ WITH Linux-syscall-note                       14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
LGPL-2.0+ WITH Linux-syscall-note                       4
LGPL-2.1 WITH Linux-syscall-note                        3
((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 17:07:57 +03:00
/* SPDX-License-Identifier: GPL-2.0 */
2012-04-20 17:45:54 +04:00
/*
 * ld script to make ARM Linux kernel
 * taken from the i386 version by Russell King
 * Written by Martin Mares <mj@atrey.karlin.mff.cuni.cz>
 */

2019-10-30 00:13:40 +03:00
#define RO_EXCEPTION_TABLE_ALIGN 8
2020-08-21 22:42:52 +03:00
#define RUNTIME_DISCARD_EXIT
2019-10-30 00:13:40 +03:00

2012-04-20 17:45:54 +04:00
#include <asm-generic/vmlinux.lds.h>
2015-12-01 15:20:40 +03:00
#include <asm/cache.h>
2020-09-22 23:49:02 +03:00
#include <asm/hyp_image.h>
2015-10-19 16:19:27 +03:00
#include <asm/kernel-pgtable.h>
2012-04-20 17:45:54 +04:00
#include <asm/memory.h>
#include <asm/page.h>

arm64: Update the Image header
Currently the kernel Image is stripped of everything past the initial
stack, and at runtime the memory is initialised and used by the kernel.
This makes the effective minimum memory footprint of the kernel larger
than the size of the loaded binary, though bootloaders have no mechanism
to identify how large this minimum memory footprint is. This makes it
difficult to choose safe locations to place both the kernel and other
binaries required at boot (DTB, initrd, etc), such that the kernel won't
clobber said binaries or other reserved memory during initialisation.
Additionally when big endian support was added the image load offset was
overlooked, and is currently of an arbitrary endianness, which makes it
difficult for bootloaders to make use of it. It seems that bootloaders
aren't respecting the image load offset at present anyway, and are
assuming that offset 0x80000 will always be correct.
This patch adds an effective image size to the kernel header which
describes the amount of memory from the start of the kernel Image binary
which the kernel expects to use before detecting memory and handling any
memory reservations. This can be used by bootloaders to choose suitable
locations to load the kernel and/or other binaries such that the kernel
will not clobber any memory unexpectedly. As before, memory reservations
are required to prevent the kernel from clobbering these locations
later.
Both the image load offset and the effective image size are forced to be
little-endian regardless of the native endianness of the kernel to
enable bootloaders to load a kernel of arbitrary endianness. Bootloaders
which wish to make use of the load offset can inspect the effective
image size field for a non-zero value to determine if the offset is of a
known endianness. To enable software to determine the endianness of the
kernel as may be required for certain use-cases, a new flags field (also
little-endian) is added to the kernel header to export this information.
The documentation is updated to clarify these details. To discourage
future assumptions regarding the value of text_offset, the value at this
point in time is removed from the main flow of the documentation (though
kept as a compatibility note). Some minor formatting issues in the
documentation are also corrected.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Tom Rini <trini@ti.com>
Cc: Geoff Levand <geoff@infradead.org>
Cc: Kevin Hilman <kevin.hilman@linaro.org>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-06-24 19:51:36 +04:00
#include "image.h"
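An added example, not part of the commit or the kernel tree: one way a bootloader could consume the header fields described in the commit message above, reading them as little-endian on any host and refusing to place a DTB or initrd inside the kernel's declared footprint. The field offsets and magic value follow the arm64 boot protocol document; the function names, sample header and addresses are constructed for illustration.

```c
/* Added example: consuming the arm64 Image header fields from a bootloader. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets per the arm64 boot protocol document. */
#define HDR_LEN            64u
#define OFF_TEXT_OFFSET    8u
#define OFF_IMAGE_SIZE     16u
#define OFF_FLAGS          24u
#define OFF_MAGIC          56u
#define ARM64_IMAGE_MAGIC  0x644d5241u	/* "ARM\x64" */
#define LEGACY_TEXT_OFFSET 0x80000u	/* offset loaders assumed before this change */
#define FLAG_BIG_ENDIAN    1u		/* flags bit 0 */

struct image_info {
	uint64_t text_offset;	/* load offset from the aligned base */
	uint64_t image_size;	/* effective image size; 0 means "not provided" */
	int big_endian;		/* kernel endianness exported via flags */
	int size_known;		/* 1 when image_size is non-zero */
};

/* Decode an n-byte little-endian integer regardless of host endianness. */
static uint64_t get_le(const uint8_t *p, unsigned n)
{
	uint64_t v = 0;

	while (n--)
		v = (v << 8) | p[n];
	return v;
}

static void put_le(uint8_t *p, uint64_t v, unsigned n)
{
	for (unsigned i = 0; i < n; i++)
		p[i] = (uint8_t)(v >> (8 * i));
}

/* Returns 0 on success, -1 on a short buffer or a bad magic value. */
int parse_image_header(const uint8_t *buf, size_t len, struct image_info *out)
{
	if (len < HDR_LEN || get_le(buf + OFF_MAGIC, 4) != ARM64_IMAGE_MAGIC)
		return -1;
	out->image_size = get_le(buf + OFF_IMAGE_SIZE, 8);
	out->size_known = out->image_size != 0;
	/* A zero image_size means text_offset has no defined endianness. */
	out->text_offset = out->size_known ? get_le(buf + OFF_TEXT_OFFSET, 8)
					   : LEGACY_TEXT_OFFSET;
	out->big_endian = (int)(get_le(buf + OFF_FLAGS, 8) & FLAG_BIG_ENDIAN);
	return 0;
}

/* Adds with wrap detection; returns 1 if the sum overflowed. */
static int add_u64(uint64_t a, uint64_t b, uint64_t *sum)
{
	*sum = a + b;
	return *sum < a;
}

/*
 * Returns 1 only if [start, start + size) provably lies outside the memory
 * the kernel uses during early boot when loaded at base + text_offset.
 * An unknown footprint or any arithmetic wrap is treated as "not clear".
 */
int region_is_clear(const struct image_info *k, uint64_t base,
		    uint64_t start, uint64_t size)
{
	uint64_t kstart, kend, end;

	if (!k->size_known)
		return 0;
	if (add_u64(base, k->text_offset, &kstart) ||
	    add_u64(kstart, k->image_size, &kend) ||
	    add_u64(start, size, &end))
		return 0;
	return end <= kstart || start >= kend;
}

/* Builds a constructed 64-byte header for the demonstration. */
void make_sample_header(uint8_t *hdr, uint64_t text_offset,
			uint64_t image_size, uint64_t flags)
{
	memset(hdr, 0, HDR_LEN);
	put_le(hdr + OFF_TEXT_OFFSET, text_offset, 8);
	put_le(hdr + OFF_IMAGE_SIZE, image_size, 8);
	put_le(hdr + OFF_FLAGS, flags, 8);
	put_le(hdr + OFF_MAGIC, ARM64_IMAGE_MAGIC, 4);
}

int main(void)
{
	uint8_t hdr[HDR_LEN];
	struct image_info k;

	/* Constructed sample: 20 MiB footprint, little-endian kernel. */
	make_sample_header(hdr, 0x80000, 0x1400000, 0);
	if (parse_image_header(hdr, sizeof(hdr), &k) != 0)
		return 1;
	printf("DTB at 0x41000000 clear: %d\n",
	       region_is_clear(&k, 0x40000000u, 0x41000000u, 0x10000));
	printf("DTB at 0x48000000 clear: %d\n",
	       region_is_clear(&k, 0x40000000u, 0x48000000u, 0x10000));
	return 0;
}
```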
2012-04-20 17:45:54 +04:00
OUTPUT_ARCH(aarch64)
2014-05-16 21:26:01 +04:00
ENTRY(_text)
2012-04-20 17:45:54 +04:00

jiffies = jiffies_64;

2020-08-21 17:07:05 +03:00

2020-09-22 23:49:03 +03:00
#ifdef CONFIG_KVM
2020-08-21 17:07:05 +03:00
#define HYPERVISOR_EXTABLE \
	. = ALIGN(SZ_8); \
	__start___kvm_ex_table = .; \
	*(__kvm_ex_table) \
	__stop___kvm_ex_table = .;
2020-09-22 23:49:09 +03:00

2020-12-02 21:41:08 +03:00
#define HYPERVISOR_DATA_SECTIONS \
2021-01-05 21:05:35 +03:00
	HYP_SECTION_NAME(.rodata) : { \
		__hyp_rodata_start = .; \
2020-12-02 21:41:08 +03:00
		*(HYP_SECTION_NAME(.data..ro_after_init)) \
2021-01-05 21:05:35 +03:00
		*(HYP_SECTION_NAME(.rodata)) \
		__hyp_rodata_end = .; \
2020-12-02 21:41:08 +03:00
	}

2020-09-22 23:49:09 +03:00
#define HYPERVISOR_PERCPU_SECTION \
	. = ALIGN(PAGE_SIZE); \
	HYP_SECTION_NAME(.data..percpu) : { \
		*(HYP_SECTION_NAME(.data..percpu)) \
	}
2020-09-22 23:49:03 +03:00
#else /* CONFIG_KVM */
#define HYPERVISOR_EXTABLE
2020-12-02 21:41:08 +03:00
#define HYPERVISOR_DATA_SECTIONS
2020-09-22 23:49:09 +03:00
#define HYPERVISOR_PERCPU_SECTION
2020-09-22 23:49:03 +03:00
#endif
2020-08-21 17:07:05 +03:00

2012-12-07 22:40:43 +04:00
#define HYPERVISOR_TEXT \
	/* \
ARM, arm64: kvm: get rid of the bounce page
The HYP init bounce page is a runtime construct that ensures that the
HYP init code does not cross a page boundary. However, this is something
we can do perfectly well at build time, by aligning the code appropriately.
For arm64, we just align to 4 KB, and enforce that the code size is less
than 4 KB, regardless of the chosen page size.
For ARM, the whole code is less than 256 bytes, so we tweak the linker
script to align at a power of 2 upper bound of the code size
Note that this also fixes a benign off-by-one error in the original bounce
page code, where a bounce page would be allocated unnecessarily if the code
was exactly 1 page in size.
On ARM, it also fixes an issue with very large kernels reported by Arnd
Bergmann, where stub sections with linker emitted veneers could erroneously
trigger the size/alignment ASSERT() in the linker script.
Tested-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2015-03-19 19:42:26 +03:00
	 * Align to 4 KB so that \
	 * a) the HYP vector table is at its minimum \
	 *    alignment of 2048 bytes \
	 * b) the HYP init code will not cross a page \
	 *    boundary if its size does not exceed \
	 *    4 KB (see related ASSERT() below) \
2012-12-07 22:40:43 +04:00
	 */ \
2015-03-19 19:42:26 +03:00
	. = ALIGN(SZ_4K); \
2018-05-09 10:46:26 +03:00
	__hyp_idmap_text_start = .; \
2012-12-07 22:40:43 +04:00
	*(.hyp.idmap.text) \
2018-05-09 10:46:26 +03:00
	__hyp_idmap_text_end = .; \
	__hyp_text_start = .; \
2012-12-07 22:40:43 +04:00
	*(.hyp.text) \
2020-08-21 17:07:05 +03:00
	HYPERVISOR_EXTABLE \
2018-05-09 10:46:26 +03:00
	__hyp_text_end = .;
2012-12-07 22:40:43 +04:00

2015-06-01 14:40:33 +03:00
#define IDMAP_TEXT \
	. = ALIGN(SZ_4K); \
2018-05-09 10:46:26 +03:00
	__idmap_text_start = .; \
2015-06-01 14:40:33 +03:00
	*(.idmap.text) \
2018-05-09 10:46:26 +03:00
	__idmap_text_end = .;
2015-06-01 14:40:33 +03:00

2016-04-27 19:47:12 +03:00
#ifdef CONFIG_HIBERNATION
#define HIBERNATE_TEXT \
	. = ALIGN(SZ_4K); \
2018-05-09 10:46:26 +03:00
	__hibernate_exit_text_start = .; \
2016-04-27 19:47:12 +03:00
	*(.hibernate_exit.text) \
2018-05-09 10:46:26 +03:00
	__hibernate_exit_text_end = .;
2016-04-27 19:47:12 +03:00
#else
#define HIBERNATE_TEXT
#endif

2017-11-14 17:07:40 +03:00
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
#define TRAMP_TEXT \
	. = ALIGN(PAGE_SIZE); \
2018-05-09 10:46:26 +03:00
	__entry_tramp_text_start = .; \
2017-11-14 17:07:40 +03:00
	*(.entry.tramp.text) \
	. = ALIGN(PAGE_SIZE); \
2018-05-09 10:46:26 +03:00
	__entry_tramp_text_end = .;
2017-11-14 17:07:40 +03:00
#else
#define TRAMP_TEXT
#endif

2014-10-10 20:42:55 +04:00
/*
 * The size of the PE/COFF section that covers the kernel image, which
2020-03-26 20:14:23 +03:00
 * runs from _stext to _edata, must be a round multiple of the PE/COFF
 * FileAlignment, which we set to its minimum value of 0x200. '_stext'
2014-10-10 20:42:55 +04:00
 * itself is 4 KB aligned, so padding out _edata to a 0x200 aligned
 * boundary should be sufficient.
 */
PECOFF_FILE_ALIGNMENT = 0x200;

#ifdef CONFIG_EFI
#define PECOFF_EDATA_PADDING \
	.pecoff_edata_padding : { BYTE(0); . = ALIGN(PECOFF_FILE_ALIGNMENT); }
#else
#define PECOFF_EDATA_PADDING
#endif

2012-04-20 17:45:54 +04:00
SECTIONS
{
	/*
	 * XXX: The linker does not define how output sections are
	 * assigned to input sections when there are multiple statements
	 * matching the same input section name. There is no documented
	 * order of matching.
	 */
2020-08-21 22:42:52 +03:00
	DISCARDS
2012-04-20 17:45:54 +04:00
	/DISCARD/ : {
2016-01-26 11:13:44 +03:00
		*(.interp .dynamic)
arm64: relocatable: fix inconsistencies in linker script and options
readelf complains about the section layout of vmlinux when building
with CONFIG_RELOCATABLE=y (for KASLR):
readelf: Warning: [21]: Link field (0) should index a symtab section.
readelf: Warning: [21]: Info field (0) should index a relocatable section.
Also, it seems that our use of '-pie -shared' is contradictory, and
thus ambiguous. In general, the way KASLR is wired up at the moment
is highly tailored to how ld.bfd happens to implement (and conflate)
PIE executables and shared libraries, so given the current effort to
support other toolchains, let's fix some of these issues as well.
- Drop the -pie linker argument and just leave -shared. In ld.bfd,
the differences between them are unclear (except for the ELF type
of the produced image [0]) but lld chokes on seeing both at the
same time.
- Rename the .rela output section to .rela.dyn, as is customary for
shared libraries and PIE executables, so that it is not misidentified
by readelf as a static relocation section (producing the warnings
above).
- Pass the -z notext and -z norelro options to explicitly instruct the
linker to permit text relocations, and to omit the RELRO program
header (which requires a certain section layout that we don't adhere
to in the kernel). These are the defaults for current versions of
ld.bfd.
- Discard .eh_frame and .gnu.hash sections to avoid them from being
emitted between .head.text and .text, screwing up the section layout.
These changes only affect the ELF image, and produce the same binary
image.
[0] b9dce7f1ba01 ("arm64: kernel: force ET_DYN ELF type for ...")
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Peter Smith <peter.smith@linaro.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-12-03 22:58:05 +03:00
		*(.dynsym .dynstr .hash .gnu.hash)
2012-04-20 17:45:54 +04:00
	}

2020-08-25 16:54:40 +03:00
	. = KIMAGE_VADDR;
2012-04-20 17:45:54 +04:00

	.head.text : {
		_text = .;
		HEAD_TEXT
	}
arm64: omit [_text, _stext) from permanent kernel mapping
In a previous patch, we increased the size of the EFI PE/COFF header
to 64 KB, which resulted in the _stext symbol to appear at a fixed
offset of 64 KB into the image.
Since 64 KB is also the largest page size we support, this completely
removes the need to map the first 64 KB of the kernel image, given that
it only contains the arm64 Image header and the EFI header, neither of
which we ever access again after booting the kernel. More importantly,
we should avoid an executable mapping of non-executable and not entirely
predictable data, to deal with the unlikely event that we inadvertently
emitted something that looks like an opcode that could be used as a
gadget for speculative execution.
So let's limit the kernel mapping of .text to the [_stext, _etext)
region, which matches the view of generic code (such as kallsyms) when
it reasons about the boundaries of the kernel's .text section.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20201117124729.12642-2-ardb@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2020-11-17 15:47:27 +03:00
	.text : ALIGN(SEGMENT_ALIGN) { /* Real text segment */
2012-04-20 17:45:54 +04:00
		_stext = .; /* Text and read-only data */
		IRQENTRY_TEXT
2016-03-26 00:22:05 +03:00
		SOFTIRQENTRY_TEXT
2016-07-08 19:35:50 +03:00
		ENTRY_TEXT
2012-04-20 17:45:54 +04:00
		TEXT_TEXT
		SCHED_TEXT
2016-10-08 03:02:55 +03:00
		CPUIDLE_TEXT
2012-04-20 17:45:54 +04:00
		LOCK_TEXT
arm64: Kprobes with single stepping support
Add support for basic kernel probes(kprobes) and jump probes
(jprobes) for ARM64.
Kprobes utilizes software breakpoint and single step debug
exceptions supported on ARM v8.
A software breakpoint is placed at the probe address to trap the
kernel execution into the kprobe handler.
ARM v8 supports enabling single stepping before the break exception
return (ERET), with next PC in exception return address (ELR_EL1). The
kprobe handler prepares an executable memory slot for out-of-line
execution with a copy of the original instruction being probed, and
enables single stepping. The PC is set to the out-of-line slot address
before the ERET. With this scheme, the instruction is executed with the
exact same register context except for the PC (and DAIF) registers.
Debug mask (PSTATE.D) is enabled only when single stepping a recursive
kprobe, e.g.: during kprobes reenter so that probed instruction can be
single stepped within the kprobe handler -exception- context.
The recursion depth of kprobe is always 2, i.e. upon probe re-entry,
any further re-entry is prevented by not calling handlers and the case
counted as a missed kprobe.
Single stepping from the x-o-l slot has a drawback for PC-relative accesses
like branching and symbolic literals access as the offset from the new PC
(slot address) may not be ensured to fit in the immediate value of
the opcode. Such instructions need simulation, so reject
probing them.
Instructions generating exceptions or cpu mode change are rejected
for probing.
Exclusive load/store instructions are rejected too. Additionally, the
code is checked to see if it is inside an exclusive load/store sequence
(code from Pratyush).
System instructions are mostly enabled for stepping, except MSR/MRS
accesses to "DAIF" flags in PSTATE, which are not safe for
probing.
This also changes arch/arm64/include/asm/ptrace.h to use
include/asm-generic/ptrace.h.
Thanks to Steve Capper and Pratyush Anand for several suggested
changes.
Signed-off-by: Sandeepa Prabhu <sandeepa.s.prabhu@gmail.com>
Signed-off-by: David A. Long <dave.long@linaro.org>
Signed-off-by: Pratyush Anand <panand@redhat.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-07-08 19:35:48 +03:00
		KPROBES_TEXT
2012-12-07 22:40:43 +04:00
		HYPERVISOR_TEXT
2015-06-01 14:40:33 +03:00
		IDMAP_TEXT
2016-04-27 19:47:12 +03:00
		HIBERNATE_TEXT
2017-11-14 17:07:40 +03:00
		TRAMP_TEXT
2012-04-20 17:45:54 +04:00
		*(.fixup)
		*(.gnu.warning)
		. = ALIGN(16);
		*(.got) /* Global offset table */
	}

2020-08-21 22:42:54 +03:00
	/*
	 * Make sure that the .got.plt is either completely empty or it
	 * contains only the lazy dispatch entries.
	 */
	.got.plt : { *(.got.plt) }
	ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18,
	       "Unexpected GOT/PLT entries detected!")

arm64: simplify kernel segment mapping granularity
The mapping of the kernel consists of four segments, each of which is mapped
with different permission attributes and/or lifetimes. To optimize the TLB
and translation table footprint, we define various opaque constants in the
linker script that resolve to different alignment values depending on the
page size and whether CONFIG_DEBUG_ALIGN_RODATA is set.
Considering that
- a 4 KB granule kernel benefits from a 64 KB segment alignment (due to
the fact that it allows the use of the contiguous bit),
- the minimum alignment of the .data segment is THREAD_SIZE already, not
PAGE_SIZE (i.e., we already have padding between _data and the start of
the .data payload in many cases),
- 2 MB is a suitable alignment value on all granule sizes, either for
mapping directly (level 2 on 4 KB), or via the contiguous bit (level 3 on
16 KB and 64 KB),
- anything beyond 2 MB exceeds the minimum alignment mandated by the boot
protocol, and can only be mapped efficiently if the physical alignment
happens to be the same,
we can simplify this by standardizing on 64 KB (or 2 MB) explicitly, i.e.,
regardless of granule size, all segments are aligned either to 64 KB, or to
2 MB if CONFIG_DEBUG_ALIGN_RODATA=y. This also means we can drop the Kconfig
dependency of CONFIG_DEBUG_ALIGN_RODATA on CONFIG_ARM64_4K_PAGES.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2016-03-30 18:43:09 +03:00
	. = ALIGN(SEGMENT_ALIGN);
arm64: mm: fix location of _etext
As Kees Cook notes in the ARM counterpart of this patch [0]:
The _etext position is defined to be the end of the kernel text code,
and should not include any part of the data segments. This interferes
with things that might check memory ranges and expect executable code
up to _etext.
In particular, Kees is referring to the HARDENED_USERCOPY patch set [1],
which rejects attempts to call copy_to_user() on kernel ranges containing
executable code, but does allow access to the .rodata segment. Regardless
of whether one may or may not agree with the distinction, it makes sense
for _etext to have the same meaning across architectures.
So let's put _etext where it belongs, between .text and .rodata, and fix
up existing references to use __init_begin instead, which unlike _end_rodata
includes the exception and notes sections as well.
The _etext references in kaslr.c are left untouched, since its references
to [_stext, _etext) are meant to capture potential jump instruction targets,
and so disregarding .rodata is actually an improvement here.
[0] http://article.gmane.org/gmane.linux.kernel/2245084
[1] http://thread.gmane.org/gmane.linux.kernel.hardened.devel/2502
Reported-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-06-23 16:53:17 +03:00
	_etext = .; /* End of text section */

2019-10-30 00:13:40 +03:00
	/* everything from this point to __init_begin will be marked RO NX */
	RO_DATA(PAGE_SIZE)
2012-04-20 17:45:54 +04:00

2018-09-24 19:56:18 +03:00
	idmap_pg_dir = .;
	. += IDMAP_DIR_SIZE;
arm64/kernel: Fix range on invalidating dcache for boot page tables
Prior to commit 8eb7e28d4c642c31 ("arm64/mm: move runtime pgds to
rodata"), idmap_pgd_dir, tramp_pg_dir, reserved_ttbr0, swapper_pg_dir,
and init_pg_dir were contiguous at the end of the kernel image. The
maintenance at the end of __create_page_tables assumed these were
contiguous, and affected everything from the start of idmap_pg_dir
to the end of init_pg_dir.
That commit moved all but init_pg_dir into the .rodata section, with
other data placed between idmap_pg_dir and init_pg_dir, but did not
update the maintenance. Hence the maintenance is performed on much
more data than necessary (but as the bootloader previously made this
clean to the PoC there is no functional problem).
As we only alter idmap_pg_dir, and init_pg_dir, we only need to perform
maintenance for these. As the other dirs are in .rodata, the bootloader
will have initialised them as expected and cleaned them to the PoC. The
kernel will initialize them as necessary after enabling the MMU.
This patch reworks the maintenance to only cover the idmap_pg_dir and
init_pg_dir to avoid this unnecessary work.
Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20200427235700.112220-1-gshan@redhat.com
Signed-off-by: Will Deacon <will@kernel.org>
2020-04-28 02:57:00 +03:00
	idmap_pg_end = .;
2018-09-24 19:56:18 +03:00

#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
	tramp_pg_dir = .;
	. += PAGE_SIZE;
#endif

2020-11-03 13:22:29 +03:00
	reserved_pg_dir = .;
	. += PAGE_SIZE;

2018-09-24 19:56:18 +03:00
	swapper_pg_dir = .;
	. += PAGE_SIZE;

2016-03-30 18:43:09 +03:00
	. = ALIGN(SEGMENT_ALIGN);
2012-04-20 17:45:54 +04:00
	__init_begin = .;
2017-03-09 23:52:03 +03:00
	__inittext_begin = .;
2012-04-20 17:45:54 +04:00

	INIT_TEXT_SECTION(8)
arm64: insn: consistently handle exit text
A kernel built with KASAN && FTRACE_WITH_REGS && !MODULES, produces a
boot-time splat in the bowels of ftrace:
| [ 0.000000] ftrace: allocating 32281 entries in 127 pages
| [ 0.000000] ------------[ cut here ]------------
| [ 0.000000] WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:2019 ftrace_bug+0x27c/0x328
| [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.4.0-rc3-00008-g7f08ae53a7e3 #13
| [ 0.000000] Hardware name: linux,dummy-virt (DT)
| [ 0.000000] pstate: 60000085 (nZCv daIf -PAN -UAO)
| [ 0.000000] pc : ftrace_bug+0x27c/0x328
| [ 0.000000] lr : ftrace_init+0x640/0x6cc
| [ 0.000000] sp : ffffa000120e7e00
| [ 0.000000] x29: ffffa000120e7e00 x28: ffff00006ac01b10
| [ 0.000000] x27: ffff00006ac898c0 x26: dfffa00000000000
| [ 0.000000] x25: ffffa000120ef290 x24: ffffa0001216df40
| [ 0.000000] x23: 000000000000018d x22: ffffa0001244c700
| [ 0.000000] x21: ffffa00011bf393c x20: ffff00006ac898c0
| [ 0.000000] x19: 00000000ffffffff x18: 0000000000001584
| [ 0.000000] x17: 0000000000001540 x16: 0000000000000007
| [ 0.000000] x15: 0000000000000000 x14: ffffa00010432770
| [ 0.000000] x13: ffff940002483519 x12: 1ffff40002483518
| [ 0.000000] x11: 1ffff40002483518 x10: ffff940002483518
| [ 0.000000] x9 : dfffa00000000000 x8 : 0000000000000001
| [ 0.000000] x7 : ffff940002483519 x6 : ffffa0001241a8c0
| [ 0.000000] x5 : ffff940002483519 x4 : ffff940002483519
| [ 0.000000] x3 : ffffa00011780870 x2 : 0000000000000001
| [ 0.000000] x1 : 1fffe0000d591318 x0 : 0000000000000000
| [ 0.000000] Call trace:
| [ 0.000000] ftrace_bug+0x27c/0x328
| [ 0.000000] ftrace_init+0x640/0x6cc
| [ 0.000000] start_kernel+0x27c/0x654
| [ 0.000000] random: get_random_bytes called from print_oops_end_marker+0x30/0x60 with crng_init=0
| [ 0.000000] ---[ end trace 0000000000000000 ]---
| [ 0.000000] ftrace faulted on writing
| [ 0.000000] [<ffffa00011bf393c>] _GLOBAL__sub_D_65535_0___tracepoint_initcall_level+0x4/0x28
| [ 0.000000] Initializing ftrace call sites
| [ 0.000000] ftrace record flags: 0
| [ 0.000000] (0)
| [ 0.000000] expected tramp: ffffa000100b3344
This is due to an unfortunate combination of several factors.
Building with KASAN results in the compiler generating anonymous
functions to register/unregister global variables against the shadow
memory. These functions are placed in .text.startup/.text.exit, and
given mangled names like _GLOBAL__sub_{I,D}_65535_0_$OTHER_SYMBOL. The
kernel linker script places these in .init.text and .exit.text
respectively, which are both discarded at runtime as part of initmem.
Building with FTRACE_WITH_REGS uses -fpatchable-function-entry=2, which
also instruments KASAN's anonymous functions. When these are discarded
with the rest of initmem, ftrace removes dangling references to these
call sites.
Building without MODULES implicitly disables STRICT_MODULE_RWX, and
causes arm64's patch_map() function to treat any !core_kernel_text()
symbol as something that can be modified in-place. As core_kernel_text()
is only true for .text and .init.text, with the latter depending on
system_state < SYSTEM_RUNNING, we'll treat .exit.text as something that
can be patched in-place. However, .exit.text is mapped read-only.
Hence in this configuration the ftrace init code blows up while trying
to patch one of the functions generated by KASAN.
We could try to filter out the call sites in .exit.text rather than
initializing them, but this would be inconsistent with how we handle
.init.text, and requires hooking into core bits of ftrace. The behaviour
of patch_map() is also inconsistent today, so instead let's clean that
up and have it consistently handle .exit.text.
This patch teaches patch_map() to handle .exit.text at init time,
preventing the boot-time splat above. The flow of patch_map() is
reworked to make the logic clearer and minimize redundant
conditionality.
Fixes: 3b23e4991fb66f6d ("arm64: implement ftrace with regs")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Torsten Duwe <duwe@suse.de>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2019-12-02 19:11:07 +03:00
__exittext_begin = .;
2012-04-20 17:45:54 +04:00
.exit.text : {
2020-04-16 16:27:30 +03:00
	EXIT_TEXT
2012-04-20 17:45:54 +04:00
}
2019-12-02 19:11:07 +03:00
__exittext_end = .;
2015-01-22 04:36:06 +03:00

2017-03-09 23:52:03 +03:00
. = ALIGN(4);
.altinstructions : {
	__alt_instructions = .;
	*(.altinstructions)
	__alt_instructions_end = .;
}

2020-04-13 18:55:18 +03:00
. = ALIGN(SEGMENT_ALIGN);
2017-03-09 23:52:03 +03:00
__inittext_end = .;
__initdata_begin = .;
2012-04-20 17:45:54 +04:00
.init.data : {
	INIT_DATA
	INIT_SETUP(16)
	INIT_CALLS
	CON_INITCALL
	INIT_RAM_FS
2020-12-09 21:04:48 +03:00
	*(.init.altinstructions .init.bss) /* from the EFI stub */
2012-04-20 17:45:54 +04:00
}
.exit.data : {
2020-04-16 16:27:30 +03:00
	EXIT_DATA
2012-04-20 17:45:54 +04:00
}

2015-12-01 15:20:40 +03:00
PERCPU_SECTION(L1_CACHE_BYTES)
2020-09-22 23:49:09 +03:00
HYPERVISOR_PERCPU_SECTION
2012-04-20 17:45:54 +04:00
arm64: relocatable: fix inconsistencies in linker script and options
readelf complains about the section layout of vmlinux when building
with CONFIG_RELOCATABLE=y (for KASLR):
readelf: Warning: [21]: Link field (0) should index a symtab section.
readelf: Warning: [21]: Info field (0) should index a relocatable section.
Also, it seems that our use of '-pie -shared' is contradictory, and
thus ambiguous. In general, the way KASLR is wired up at the moment
is highly tailored to how ld.bfd happens to implement (and conflate)
PIE executables and shared libraries, so given the current effort to
support other toolchains, let's fix some of these issues as well.
- Drop the -pie linker argument and just leave -shared. In ld.bfd,
the differences between them are unclear (except for the ELF type
of the produced image [0]) but lld chokes on seeing both at the
same time.
- Rename the .rela output section to .rela.dyn, as is customary for
shared libraries and PIE executables, so that it is not misidentified
by readelf as a static relocation section (producing the warnings
above).
- Pass the -z notext and -z norelro options to explicitly instruct the
linker to permit text relocations, and to omit the RELRO program
header (which requires a certain section layout that we don't adhere
to in the kernel). These are the defaults for current versions of
ld.bfd.
- Discard .eh_frame and .gnu.hash sections to avoid them from being
emitted between .head.text and .text, screwing up the section layout.
These changes only affect the ELF image, and produce the same binary
image.
[0] b9dce7f1ba01 ("arm64: kernel: force ET_DYN ELF type for ...")
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Peter Smith <peter.smith@linaro.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-12-03 22:58:05 +03:00
.rela.dyn : ALIGN(8) {
2016-01-26 11:13:44 +03:00
	*(.rela .rela*)
}
2014-11-14 18:54:08 +03:00
2018-12-03 22:58:05 +03:00
__rela_offset = ABSOLUTE(ADDR(.rela.dyn) - KIMAGE_VADDR);
__rela_size = SIZEOF(.rela.dyn);
2016-04-18 18:09:43 +03:00

2019-08-01 04:18:42 +03:00
#ifdef CONFIG_RELR
.relr.dyn : ALIGN(8) {
	*(.relr.dyn)
}

__relr_offset = ABSOLUTE(ADDR(.relr.dyn) - KIMAGE_VADDR);
__relr_size = SIZEOF(.relr.dyn);
#endif
arm64: simplify kernel segment mapping granularity
The mapping of the kernel consists of four segments, each of which is mapped
with different permission attributes and/or lifetimes. To optimize the TLB
and translation table footprint, we define various opaque constants in the
linker script that resolve to different alignment values depending on the
page size and whether CONFIG_DEBUG_ALIGN_RODATA is set.
Considering that
- a 4 KB granule kernel benefits from a 64 KB segment alignment (due to
the fact that it allows the use of the contiguous bit),
- the minimum alignment of the .data segment is THREAD_SIZE already, not
PAGE_SIZE (i.e., we already have padding between _data and the start of
the .data payload in many cases),
- 2 MB is a suitable alignment value on all granule sizes, either for
mapping directly (level 2 on 4 KB), or via the contiguous bit (level 3 on
16 KB and 64 KB),
- anything beyond 2 MB exceeds the minimum alignment mandated by the boot
protocol, and can only be mapped efficiently if the physical alignment
happens to be the same,
we can simplify this by standardizing on 64 KB (or 2 MB) explicitly, i.e.,
regardless of granule size, all segments are aligned either to 64 KB, or to
2 MB if CONFIG_DEBUG_ALIGN_RODATA=y. This also means we can drop the Kconfig
dependency of CONFIG_DEBUG_ALIGN_RODATA on CONFIG_ARM64_4K_PAGES.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2016-03-30 18:43:09 +03:00
. = ALIGN(SEGMENT_ALIGN);
2017-03-09 23:52:03 +03:00
__initdata_end = .;
2015-12-09 15:44:38 +03:00
__init_end = .;

2013-11-04 20:38:47 +04:00
_data = .;
_sdata = .;
2019-10-30 00:13:35 +03:00
RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN)
2016-08-24 20:27:29 +03:00

2020-12-02 21:41:08 +03:00
HYPERVISOR_DATA_SECTIONS
2016-08-24 20:27:29 +03:00
/*
 * Data written with the MMU off but read with the MMU on requires
 * cache lines to be invalidated, discarding up to a Cache Writeback
 * Granule (CWG) of data from the cache. Keep the section that
 * requires this type of maintenance to be in its own Cache Writeback
 * Granule (CWG) area so the cache maintenance operations don't
 * interfere with adjacent data.
 */
.mmuoff.data.write : ALIGN(SZ_2K) {
	__mmuoff_data_start = .;
	*(.mmuoff.data.write)
}
. = ALIGN(SZ_2K);
.mmuoff.data.read : {
	*(.mmuoff.data.read)
	__mmuoff_data_end = .;
}
2014-10-10 20:42:55 +04:00
PECOFF_EDATA_PADDING
2017-03-23 22:00:51 +03:00
__pecoff_data_rawsize = ABSOLUTE(. - __initdata_begin);
2013-11-04 20:38:47 +04:00
_edata = .;
2012-04-20 17:45:54 +04:00

BSS_SECTION(0, 0, 0)
2014-06-24 19:51:35 +04:00

. = ALIGN(PAGE_SIZE);
arm64/mm: Separate boot-time page tables from swapper_pg_dir
Since the address of swapper_pg_dir is fixed for a given kernel image,
it is an attractive target for manipulation via an arbitrary write. To
mitigate this we'd like to make it read-only by moving it into the
rodata section.
We require that swapper_pg_dir is at a fixed offset from tramp_pg_dir
and reserved_ttbr0, so these will also need to move into rodata.
However, swapper_pg_dir is allocated along with some transient page
tables used for boot which we do not want to move into rodata.
As a step towards this, this patch separates the boot-time page tables
into a new init_pg_dir, and reduces swapper_pg_dir to the single page it
needs to be. This allows us to retain the relationship between
swapper_pg_dir, tramp_pg_dir, and swapper_pg_dir, while cleanly
separating these from the boot-time page tables.
The init_pg_dir holds all of the pgd/pud/pmd/pte levels needed during
boot, and all of these levels will be freed when we switch to the
swapper_pg_dir, which is initialized by the existing code in
paging_init(). Since we start off on the init_pg_dir, we no longer need
to allocate a transient page table in paging_init() in order to ensure
that swapper_pg_dir isn't live while we initialize it.
There should be no functional change as a result of this patch.
Signed-off-by: Jun Yao <yaojun8558363@gmail.com>
Reviewed-by: James Morse <james.morse@arm.com>
[Mark: place init_pg_dir after BSS, fold mm changes, commit message]
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-09-24 17:47:49 +03:00
init_pg_dir = .;
. += INIT_DIR_SIZE;
init_pg_end = .;

2020-04-13 18:55:18 +03:00
. = ALIGN(SEGMENT_ALIGN);
2017-03-23 22:00:51 +03:00
__pecoff_data_size = ABSOLUTE(. - __initdata_begin);
2012-04-20 17:45:54 +04:00
_end = .;

STABS_DEBUG
2020-08-21 22:42:53 +03:00
DWARF_DEBUG
2020-08-21 22:42:45 +03:00
ELF_DETAILS
arm64: Update the Image header
Currently the kernel Image is stripped of everything past the initial
stack, and at runtime the memory is initialised and used by the kernel.
This makes the effective minimum memory footprint of the kernel larger
than the size of the loaded binary, though bootloaders have no mechanism
to identify how large this minimum memory footprint is. This makes it
difficult to choose safe locations to place both the kernel and other
binaries required at boot (DTB, initrd, etc), such that the kernel won't
clobber said binaries or other reserved memory during initialisation.
Additionally when big endian support was added the image load offset was
overlooked, and is currently of an arbitrary endianness, which makes it
difficult for bootloaders to make use of it. It seems that bootloaders
aren't respecting the image load offset at present anyway, and are
assuming that offset 0x80000 will always be correct.
This patch adds an effective image size to the kernel header which
describes the amount of memory from the start of the kernel Image binary
which the kernel expects to use before detecting memory and handling any
memory reservations. This can be used by bootloaders to choose suitable
locations to load the kernel and/or other binaries such that the kernel
will not clobber any memory unexpectedly. As before, memory reservations
are required to prevent the kernel from clobbering these locations
later.
Both the image load offset and the effective image size are forced to be
little-endian regardless of the native endianness of the kernel to
enable bootloaders to load a kernel of arbitrary endianness. Bootloaders
which wish to make use of the load offset can inspect the effective
image size field for a non-zero value to determine if the offset is of a
known endianness. To enable software to determine the endianness of the
kernel as may be required for certain use-cases, a new flags field (also
little-endian) is added to the kernel header to export this information.
The documentation is updated to clarify these details. To discourage
future assumptions regarding the value of text_offset, the value at this
point in time is removed from the main flow of the documentation (though
kept as a compatibility note). Some minor formatting issues in the
documentation are also corrected.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Tom Rini <trini@ti.com>
Cc: Geoff Levand <geoff@infradead.org>
Cc: Kevin Hilman <kevin.hilman@linaro.org>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-06-24 19:51:36 +04:00
HEAD_SYMBOLS
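The header contract described in the "Update the Image header" commit message, seen from the bootloader side, as an added C example (not code from the kernel or from this page). Field offsets and the magic value follow the kernel's arm64 booting documentation; the struct and function names are hypothetical and the sample header and addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Field offsets per the kernel's arm64 booting documentation (not on this page). */
#define HDR_SIZE            64u
#define OFF_TEXT_OFFSET      8u
#define OFF_IMAGE_SIZE      16u
#define OFF_FLAGS           24u
#define OFF_MAGIC           56u
#define IMAGE_MAGIC         0x644d5241u /* "ARM\x64" as a little-endian u32 */
#define FLAG_BIG_ENDIAN     1u          /* flags bit 0 */
#define LEGACY_TEXT_OFFSET  0x80000u    /* offset loaders assumed before image_size */

struct image_info {             /* hypothetical name */
	uint64_t text_offset;
	uint64_t image_size;    /* 0: header predates the field */
	int big_endian;         /* 1 = BE, 0 = LE, -1 = not exported */
};

/* Read an n-byte little-endian value; independent of host endianness. */
static uint64_t rd_le(const uint8_t *p, unsigned n)
{
	uint64_t v = 0;
	while (n--)
		v = (v << 8) | p[n];
	return v;
}

static void wr_le(uint8_t *p, uint64_t v, unsigned n)
{
	for (unsigned i = 0; i < n; i++)
		p[i] = (uint8_t)(v >> (8 * i));
}

/* Returns 0 on success, -1 on a truncated buffer or wrong magic. */
int image_parse(const uint8_t *buf, size_t len, struct image_info *out)
{
	if (!buf || !out || len < HDR_SIZE)
		return -1;
	if (rd_le(buf + OFF_MAGIC, 4) != IMAGE_MAGIC)
		return -1;
	out->image_size = rd_le(buf + OFF_IMAGE_SIZE, 8);
	if (out->image_size == 0) {
		/* text_offset is of unknown endianness: fall back, do not read it. */
		out->text_offset = LEGACY_TEXT_OFFSET;
		out->big_endian = -1;
		return 0;
	}
	out->text_offset = rd_le(buf + OFF_TEXT_OFFSET, 8);
	out->big_endian = (rd_le(buf + OFF_FLAGS, 8) & FLAG_BIG_ENDIAN) ? 1 : 0;
	return 0;
}

/* 1: blob clear of the kernel footprint, 0: overlap, -1: cannot be decided. */
int blob_is_clear(const struct image_info *im, uint64_t base,
		  uint64_t blob, uint64_t blob_len)
{
	uint64_t start, end;
	if (im->image_size == 0 || base > UINT64_MAX - im->text_offset)
		return -1;
	start = base + im->text_offset;
	if (start > UINT64_MAX - im->image_size || blob > UINT64_MAX - blob_len)
		return -1;
	end = start + im->image_size;
	return (blob + blob_len <= start || blob >= end) ? 1 : 0;
}

/* Constructed sample: build a header, parse it, test a 64 KB DTB placement. */
int demo_dtb_clear(uint64_t text_offset, uint64_t image_size, uint64_t dtb)
{
	uint8_t hdr[HDR_SIZE] = {0};
	struct image_info im;
	wr_le(hdr + OFF_TEXT_OFFSET, text_offset, 8);
	wr_le(hdr + OFF_IMAGE_SIZE, image_size, 8);
	wr_le(hdr + OFF_MAGIC, IMAGE_MAGIC, 4);
	if (image_parse(hdr, sizeof(hdr), &im) != 0)
		return -2;
	return blob_is_clear(&im, 0x40000000u, dtb, 0x10000u);
}
```

A result of -1 from `blob_is_clear` means the header carries no effective image size, so a loader cannot prove a placement safe from the header alone.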
2020-08-21 22:42:54 +03:00

/*
 * Sections that should stay zero sized, which is safer to
 * explicitly check instead of blindly discarding.
 */
.plt : {
2020-10-28 16:33:32 +03:00
	*(.plt) *(.plt.*) *(.iplt) *(.igot .igot.plt)
2020-08-21 22:42:54 +03:00
}
ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")

.data.rel.ro : { *(.data.rel.ro) }
ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
2012-04-20 17:45:54 +04:00
}
2012-12-07 22:40:43 +04:00

2019-08-14 02:04:50 +03:00
#include "image-vars.h"

2012-12-07 22:40:43 +04:00
/*
2015-06-01 14:40:33 +03:00
 * The HYP init code and ID map text can't be longer than a page each,
ARM, arm64: kvm: get rid of the bounce page
The HYP init bounce page is a runtime construct that ensures that the
HYP init code does not cross a page boundary. However, this is something
we can do perfectly well at build time, by aligning the code appropriately.
For arm64, we just align to 4 KB, and enforce that the code size is less
than 4 KB, regardless of the chosen page size.
For ARM, the whole code is less than 256 bytes, so we tweak the linker
script to align at a power of 2 upper bound of the code size
Note that this also fixes a benign off-by-one error in the original bounce
page code, where a bounce page would be allocated unnecessarily if the code
was exactly 1 page in size.
On ARM, it also fixes an issue with very large kernels reported by Arnd
Bergmann, where stub sections with linker emitted veneers could erroneously
trigger the size/alignment ASSERT() in the linker script.
Tested-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2015-03-19 19:42:26 +03:00
 * and should not cross a page boundary.
2012-12-07 22:40:43 +04:00
 */
2015-03-19 19:42:26 +03:00
ASSERT(__hyp_idmap_text_end - (__hyp_idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
	"HYP init code too big or misaligned")
2015-06-01 14:40:33 +03:00
ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
	"ID map text too big or misaligned")
2016-04-27 19:47:12 +03:00
#ifdef CONFIG_HIBERNATION
ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))
	<= SZ_4K, "Hibernate exit text too big or misaligned")
#endif
2017-12-06 14:24:02 +03:00
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE,
	"Entry trampoline text too big")
#endif
2014-06-24 19:51:37 +04:00
/*
 * If padding is applied before .head.text, virt<->phys conversions will fail.
 */
2020-08-25 16:54:40 +03:00
ASSERT(_text == KIMAGE_VADDR, "HEAD is misaligned")
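The HYP init and ID map ASSERT expressions in this script fold a size check and an alignment check into one comparison. The C sketch below is an added example (not kernel code; the function names and the base address are hypothetical) that checks the same arithmetic exhaustively against a direct count of pages touched and counts the placements a size-only check would wrongly accept.

```c
#include <stdint.h>

#define SZ_4K 0x1000u

/* The ASSERT's arithmetic: distance from the start of the 4 KB page that
 * contains `start` up to `end` must not exceed 4 KB. */
int fits_one_4k_page(uint64_t start, uint64_t end)
{
	return end - (start & ~(uint64_t)(SZ_4K - 1)) <= SZ_4K;
}

/* Size-only check, for contrast: blind to where the code starts. */
int size_only_ok(uint64_t start, uint64_t end)
{
	return end - start <= SZ_4K;
}

/* Ground truth: number of 4 KB pages touched by [start, end). */
unsigned pages_touched(uint64_t start, uint64_t end)
{
	if (end <= start)
		return 0;
	return (unsigned)(((end - 1) >> 12) - (start >> 12) + 1);
}

/*
 * Sweep every start offset within a page and every size from 0 to 8 KB.
 * count_false_accepts == 0: count cases where the ASSERT arithmetic
 * disagrees with the ground truth.
 * count_false_accepts != 0: count cases the size-only check accepts
 * although the range crosses a page boundary.
 */
long sweep(int count_false_accepts)
{
	const uint64_t base = 0x40000000u; /* constructed, page-aligned */
	long n = 0;

	for (uint64_t off = 0; off < SZ_4K; off++) {
		for (uint64_t size = 0; size <= 2 * SZ_4K; size++) {
			uint64_t s = base + off, e = s + size;
			int truth = pages_touched(s, e) <= 1;

			if (count_false_accepts)
				n += size_only_ok(s, e) && !truth;
			else
				n += fits_one_4k_page(s, e) != truth;
		}
	}
	return n;
}
```

Code that is exactly 4 KB long and 4 KB aligned passes, which matches the commit message's remark that a region of exactly one page needs no special handling.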